New Cuttlefish malware infects routers to monitor traffic for credentials
2024-05-01 13:00

A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office routers to monitor data that passes through them and steal authentication information.

Lumen Technologies' Black Lotus Labs examined the new malware and reports that Cuttlefish creates a proxy or VPN tunnel on the compromised router to exfiltrate data discreetly while bypassing security measures that detect unusual sign-ins.

The method for the initial infection of the routers has yet to be determined, but it could involve exploiting known vulnerabilities or brute-forcing credentials.

Upon execution, Cuttlefish uses a packet filter to monitor all connections through the device, and when it detects specific data, it performs particular actions based on rulesets that are regularly updated from the attacker's command and control server.

"We suspect this capability enables Cuttlefish to hijack internal traffic through the router, or site-to-site traffic where there is a VPN connection established between routers," explain the researchers.


News URL

https://www.bleepingcomputer.com/news/security/new-cuttlefish-malware-infects-routers-to-monitor-traffic-for-credentials/